[kernel-sec-discuss] r5444 - active
Ben Hutchings
benh at moszumanska.debian.org
Tue Aug 1 00:55:16 UTC 2017
Author: benh
Date: 2017-08-01 00:55:16 +0000 (Tue, 01 Aug 2017)
New Revision: 5444
Modified:
active/CVE-2017-11472
active/CVE-2017-11473
active/CVE-2017-11600
active/CVE-2017-7541
active/CVE-2017-7542
active/CVE-2017-9986
Log:
Fill in status of most issues
Modified: active/CVE-2017-11472
===================================================================
--- active/CVE-2017-11472 2017-07-28 08:16:19 UTC (rev 5443)
+++ active/CVE-2017-11472 2017-08-01 00:55:16 UTC (rev 5444)
@@ -1,12 +1,16 @@
Description: ACPICA: Namespace: fix operand cache leak
References:
Notes:
+ bwh> This is not a valid issue as ACPI tables are trusted. The issue of
+ bwh> kASLR being broken through stack traces is mitigated by commit
+ bwh> bb5e5ce545f2 "x86/dumpstack: Remove kernel text addresses from stack
+ bwh> dump".) and by the dmesg_restrict feature.
Bugs:
upstream: released (4.12-rc1) [3b2d69114fefa474fca542e51119036dceb4aa6f]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-upstream-stable: ignored
+3.16-upstream-stable: ignored
+3.2-upstream-stable: ignored
+sid: ignored
+4.9-stretch-security: ignored
+3.16-jessie-security: ignored
+3.2-wheezy-security: ignored
Modified: active/CVE-2017-11473
===================================================================
--- active/CVE-2017-11473 2017-07-28 08:16:19 UTC (rev 5443)
+++ active/CVE-2017-11473 2017-08-01 00:55:16 UTC (rev 5444)
@@ -2,12 +2,13 @@
References:
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c
Notes:
+ bwh> This is not a valid issue as ACPI tables are trusted.
Bugs:
upstream: released (4.13-rc2) [dad5ab0db8deac535d03e3fe3d8f2892173fa6a4]
4.9-upstream-stable: released (4.9.40) [036d59f40ac94964a1bbc8959f78f34efac71fd5]
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: ignored
+3.2-upstream-stable: ignored
+sid: ignored
+4.9-stretch-security: ignored
+3.16-jessie-security: ignored
+3.2-wheezy-security: ignored
Modified: active/CVE-2017-11600
===================================================================
--- active/CVE-2017-11600 2017-07-28 08:16:19 UTC (rev 5443)
+++ active/CVE-2017-11600 2017-08-01 00:55:16 UTC (rev 5444)
@@ -2,12 +2,14 @@
References:
http://seclists.org/bugtraq/2017/Jul/30
Notes:
+ bwh> Introduced by commit 5c79de6e79cd "[XFRM]: User interface for handling
+ bwh> XFRM_MSG_MIGRATE" in 2.6.21.
Bugs:
-upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: needed
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
Modified: active/CVE-2017-7541
===================================================================
--- active/CVE-2017-7541 2017-07-28 08:16:19 UTC (rev 5443)
+++ active/CVE-2017-7541 2017-08-01 00:55:16 UTC (rev 5444)
@@ -1,12 +1,14 @@
Description: brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
References:
Notes:
+ bwh> Introduced by commit 18e2f61db3b70 ("brcmfmac: P2P action frame tx.")
+ bwh> in 3.9.
Bugs:
upstream: released (4.13-rc1) [8f44c9a41386729fea410e688959ddaa9d51be7c]
4.9-upstream-stable: released (4.9.39) [414848bba6ab91fe12ca8105b4652c4aa6f4b574]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: pending
+3.2-upstream-stable: N/A "Vulnerable code not present"
sid: pending (4.12.3-1)
4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/brcmfmac-fix-possible-buffer-overflow-in-brcmf_cfg80.patch]
3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/brcmfmac-fix-possible-buffer-overflow-in-brcmf_cfg80.patch]
-3.2-wheezy-security:
+3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2017-7542
===================================================================
--- active/CVE-2017-7542 2017-07-28 08:16:19 UTC (rev 5443)
+++ active/CVE-2017-7542 2017-08-01 00:55:16 UTC (rev 5444)
@@ -3,10 +3,10 @@
Notes:
Bugs:
upstream: released (4.13-rc2) [6399f1fae4ec29fab5ec76070435555e256ca3a6]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
-3.2-wheezy-security:
+3.2-wheezy-security: needed
Modified: active/CVE-2017-9986
===================================================================
--- active/CVE-2017-9986 2017-07-28 08:16:19 UTC (rev 5443)
+++ active/CVE-2017-9986 2017-08-01 00:55:16 UTC (rev 5444)
@@ -5,7 +5,7 @@
bwh> Also, Debian doesn't build the OSS drivers.
Bugs:
https://bugzilla.kernel.org/show_bug.cgi?id=196135
-upstream:
+upstream: needed
4.9-upstream-stable: ignored "Minor issue"
3.16-upstream-stable: ignored "Minor issue"
3.2-upstream-stable: ignored "Minor issue"
More information about the kernel-sec-discuss
mailing list